Signature Detail
Short Name |
HTTP:STC:SILVERLIGHT-CE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Silverlight Privilege Escalation Attempt |
Release Date |
2015/06/09 |
Update Number |
2503 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Silverlight Privilege Escalation Attempt
This signature detects attempts to exploit a known vulnerability against Microsoft Silverlight. A successful attack can lead to arbitrary code execution.
Extended Description
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
Affected Products
- microsoft .net_framework 2.0 (sp2)
- microsoft .net_framework 3.5.1
- microsoft .net_framework 4.0
- microsoft silverlight 4.0.50524.00
- microsoft silverlight 4.0.50826.0
- microsoft silverlight 4.0.50917.0
- microsoft silverlight 4.0.51204.0
- microsoft silverlight 4.0.60129.0
- microsoft silverlight 4.0.60310.0
- microsoft silverlight 4.0.603310.0
- microsoft silverlight 4.0.60531.0
- microsoft silverlight 4.0.60831.0
- microsoft silverlight 4.1.10111
References
- CVE: CVE-2012-0014